DOCSLIB.ORG

6 Benefits of Upgrading to Modern Operating Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

OS MIGRATION Te ch 6 Benefits of Upgrading to Modern Operating Systems The end of Windows XP support is just one reason to make the move to Windows 7 or Windows 8.1. If lingering Windows XP systems remain a part of your purview, here are the compelling benefits of moving to modern operating systems — and a quick list of actions you can take to ease the way. Having enjoyed more than a decade of popularity, Windows XP has 3. Enhanced security. Modern versions of Windows include a had a great run. Yet, despite Microsoft’s recent agreement to provide number of security enhancements. For example, Windows 7 features updates to the anti-malware in Windows XP through July 14, 2015, kernel patch protection, service hardening, data execution preven- any PC still running the aging operating system is at risk for expensive tion, mandatory integrity levels, Windows Defender, Action Center, data-loss incidents. The Dell SecureWorks Counter Threat Unit (CTU) BitLocker Drive Encryption and more. Windows 8.1 also features appli- has catalogued more than 760 vulnerabilities in Windows XP, and CTU cation architecture improvements, picture passwords, Windows To Go, predicts “continued discovery and disclosure of new software vulner- and improvements to DirectAccess and AppLocker. Organizations can abilities linked to Windows XP well beyond the end-of-support date.”i further enhance security by selecting a hardware vendor that includes To maintain user productivity and security, most organizations have advanced data protection tools such as encryption, authentication and begun transitioning to modern versions of Windows. As of December malware protection on its enterprise PCs. 2013, more than 47 percent of all PCs were running Windows 7, more 4. Better manageability. Modern Windows can make it easier than 10 percent were running Windows 8 or Windows 8.1, and nearly for IT staff to do their jobs. For example, the scripting capabilities of 29 percent were still running Windows XP.ii Windows 7 let IT automate many common, time-consuming tasks. The OS also includes Windows Troubleshooting Packs, System Restore Six Benefits of a Modern OS improvements, a Problem Steps Recorder and improved monitoring. Not only do these Windows XP systems pose security risks, they also 5. Improved stability. Users experience an average of 40 percent prevent the organization from accessing the benefits of a modern less downtime with a modern operating system, making workers more operating system. Here are six of the most noteworthy. productive and reducing help desk costs.iv 1. Support for modern technology. When Windows XP debuted 6. Lower costs. Organizations retaining Windows XP beyond the in 2001, smartphones, tablets, virtualization, cloud computing, social end-of-support date must pay for custom support, which can cost as networking and Web 2.0 were all off in the future. Windows 7 and Windows 8, by contrast, take advantage of the intervening decade of technological innovation, supporting mobility, touch screens, 64-bit Dell OS Migration Services architecture, virtualization and a host of other advances. The hardware that companies buy today comes with processors and architecture that As the Microsoft U.S. Windows Deployment Partner of the Year cannot run Windows XP. These modern PCs are often thinner, lighter in 2012 and 2013, Dell has handled migrations for organiza- and more reliable than their predecessors and may come with solid tions in more than 100 companies, deploying more than a state drives that increase speed and decrease power consumption. million Windows devices every year. More than 95 percent of Deploying these new PCs requires deploying a new OS. Dell Windows Migration Services customers say they would be 2. Improved productivity. With modern Windows, workers spend likely to repurchase consulting services from Dell. less time waiting. For example, Windows 7 boots 29 percent faster Dell offers end-to-end services for planning, automating and than Windows XP, opens files 54 percent faster and resumes from implementing an operating system migration strategy, as well standby mode up to 73 percent faster. Laptops running Windows 7 as providing the necessary education services for workforces. have 85 percent better battery life than those running Windows XP, No matter the stage of the operating system transition, Dell which means mobile workers can keep working much longer while on can help make migration go more smoothly, saving companies the go. Windows 8 can boot and shut down twice as fast as Windows as much as 55 percent on their related costs. 7, and resume from standby mode 33 percent faster.iii 1 1401104 FEBRUARY 2014 OS MIGRATION much as $200 per PC per year.v The older hardware necessary to run take advantage of all the potential benefits. Combining a hardware Windows XP requires more maintenance, driving support costs even refresh with an OS migration allows for planning and deployment of higher. Companies can reduce costs by leveraging the newer operat- new hardware — including touch-screen devices to enable flexible ing systems’ built-in security and virtualization instead of paying for mobile computing. Also, application readiness presents its own chal- third-party software. Of course, deploying a new OS also incurs costs, lenges. Leveraging automation solutions such as Dell’s ChangeBASE but an experienced consulting partner hired to assist with the transi- can speed the process, and Dell’s application packaging factories test, tion can cut those expenses by as much as 55 percent by increasing remediate and package hundreds of applications every week. the maturity level of their deployment processes, according to IDC.vi Evaluate automation solutions. The right tools can automate the PC build process, including the base image, OS settings, applications, Ensure a Smooth Migration user data migration, domain join and encryption. Dell consultants Consider using an OS migration service provider. Using a migra- use technologies such as Dell Automated Deployment and KACE to tion consultant reduces costs and can ease the OS-upgrade process. simplify migration. In many cases, migration can be so automated Most enterprise IT departments have limited experience conducting that users can self-serve. OS migrations. Third-party consultants do many migrations and pass Prepare a deployment plan. Preparedness for an OS migration on to their clients the benefits of the lessons learned. entails devising a detailed plan and schedule for deployment man- Select which new operating system is right for the systems agement, logistics and staging, image management, application being upgraded. Many businesses are choosing to upgrade to management, data management, user-state migration and post- Windows 7 first because it presents less of a learning curve for users. deployment support. Dell Managed Deployment leverages a unique Others, particularly those deploying touch-screen devices, find that cloud-based migration management tool called Client Deployment it makes sense to upgrade to the new Windows. A hybrid approach Manager to keep migrations on track. with a mix of both modern operating systems works for situations Train the help desk staff and end users. Organizations should with varied client systems, end-user needs and IT support demands. address training proactively, with a plan and schedule for pre- and post- Assess hardware and application readiness. Older systems run- migration training. Dell Education Services offers a range of classroom, ning Windows XP may not be robust enough to run a newer OS or to online and point-of-need solutions for training IT staff and users. Concurrent Steps for Ensuring a Smooth OS Migration Assess Hardware and Application Readiness Train Help Desk Staff and End Users • Refresh aging hardware. • Create pre- and post-migration training plans. • Investigate application testing and remediation • Consider hiring a training partner. solutions such as Dell ChangeBASE. Select an OS Evaluate Automation Solutions Prepare Deployment Plan • Evaluate the strengths of Windows 7 • Compare products and vendors. • Make final technology decisions. and Windows 8. • Decide whether to hire a consultant • Draft a detailed schedule. • Consider a hybrid approach. partner. 2 FEBRUARY 2014 OS MIGRATION Seize the Opportunity Feature Comparison Forward-thinking enterprises are using the OS migration opportunity ■ WINDOWS XP ■ WINDOWS 7 ■ WINDOWS 8.1 to make improvements that will affect the organization for years to come. Many are going beyond simply adopting an OS designed for Enables multitasking more easily ■ ■ ■ mobility to embrace mobile devices that make the workplace more Browse the Web easily and more safely ■ ■ ■ flexible and productive. Some enterprises are improving efficiency and employee satisfac- Finds files and programs instantly ■ ■ ■ tion with bring-your-own-device, choose-your-own-device and/or Opens programs and files you use most in a click or two ■ ■ ■ corporate-owned-personally-enabled (COPE) programs. Many use the application-assessment process as a springboard for better application Supports mouse and keyboard ■ ■ ■ tracking, helping control costs and reduce wasteful spending. Runs Windows XP business programs ■ ■ ■ An OS migration is an ideal time to make changes that affect the bottom line. The brunt of planning and deployment need not burden Fully compatible with 64-bit architecture ■ ■ an already taxed IT workforce. Expert OS and hardware migration Features built-in defense against spyware and malware ■ ■ consultants
Recommended publications
  • Increasing Automation in the Backporting of Linux Drivers Using Coccinelle

    Increasing Automation in the Backporting of Linux Drivers Using Coccinelle

    Increasing Automation in the Backporting of Linux Drivers Using Coccinelle Luis R. Rodriguez Julia Lawall Rutgers University/SUSE Labs Sorbonne Universites/Inria/UPMC/LIP6´ [email protected] [email protected] [email protected], [email protected] Abstract—Software is continually evolving, to fix bugs and to a kernel upgrade. Upgrading a kernel may also require add new features. Industry users, however, often value stability, experience to understand what features to enable, disable, or and thus may not be able to update their code base to the tune to meet existing deployment criteria. In the worst case, latest versions. This raises the need to selectively backport new some systems may rely on components that have not yet been features to older software versions. Traditionally, backporting has merged into the mainline Linux kernel, potentially making it been done by cluttering the backported code with preprocessor impossible to upgrade the kernel without cooperation from the directives, to replace behaviors that are unsupported in an earlier version by appropriate workarounds. This approach however component vendor or a slew of partners that need to collaborate involves writing a lot of error-prone backporting code, and results on developing a new productized image for a system. As an in implementations that are hard to read and maintain. We example, development for 802.11n AR9003 chipset support consider this issue in the context of the Linux kernel, for which on the mainline ath9k device driver started on March 20, older versions are in wide use. We present a new backporting 2010 with an early version of the silicon, at which point the strategy that relies on the use of a backporting compatability most recent major release of the Linux kernel was v2.6.32.
  • Download Date 24/09/2021 14:31:55

    Download Date 24/09/2021 14:31:55

    To Upgrade or Not To Upgrade Application Item Type Thesis Authors Francisco, Neil Download date 24/09/2021 14:31:55 Link to Item http://hdl.handle.net/20.500.12648/1799 To Upgrade or Not To Upgrade Application __________________________ A Master's Thesis Project Presented to the Department of Communication and Information Design __________________________ In Partial Fulfillment of the Requirements for the Master of Science Degree State University of New York Polytechnic Institute By Neil Francisco May 2021 TO UPGRADE OR NOT TO UPGRADE SUNY POLYTECHNIC INSTITUTE DEPARTMENT OF INFORMATION DESIGN AND TECHNOLOGY CERTIFICATE OF APPROVAL Approved and recommended for acceptance as a thesis in partial fulfillment of the requirements for the degree of Master of Science in Information Design and Technology. ____________________June 11, 2021 DATE ________________________________ Dr. Kathryn Stam Thesis Advisor ____________________ DATE ________________________________ Dr. Ryan Lizardi Second Reader 2 TO UPGRADE OR NOT TO UPGRADE ABSTRACT New Technology consists of new hardware devices, computational workflows, digital advances, and information systems. As technology continues to evolve over the years, this never-ending cycle of new devices and experiences will always be present amongst consumers. Traditionally, new hardware devices are intriguing because they are designed to improve our access to information, media, and a connection to the digital world, but does this mean our previous-gen devices are no longer valuable? This project involves creating a prototype application designed for both computer and mobile interfaces to help improve the accessibility to information and the overall user experience with an older device. The “To Upgrade or Not To Upgrade” app will inform end-users of their older technological device specifications and suggest hardware/software methods to unlock their full potential.
  • Hypervisor-Based Active Data Protection for Integrity And

    Hypervisor-Based Active Data Protection for Integrity And

    The 13th Annual ADFSL Conference on Digital Forensics, Security and Law, 2018 HYPERVISOR-BASED ACTIVE DATA PROTECTION FOR INTEGRITY AND CONFIDENTIALITY OF DYNAMICALLY ALLOCATED MEMORY IN WINDOWS KERNEL Igor Korkin, PhD Security Researcher Moscow, Russia [email protected] ABSTRACT One of the main issues in the OS security is providing trusted code execution in an untrusted environment. During executing, kernel-mode drivers dynamically allocate memory to store and process their data: Windows core kernel structures, users’ private information, and sensitive data of third-party drivers. All this data can be tampered with by kernel-mode malware. Attacks on Windows-based computers can cause not just hiding a malware driver, process privilege escalation, and stealing private data but also failures of industrial CNC machines. Windows built-in security and existing approaches do not provide the integrity and confidentiality of the allocated memory of third-party drivers. The proposed hypervisor-based system (AllMemPro) protects allocated data from being modified or stolen. AllMemPro prevents access to even 1 byte of allocated data, adapts for newly allocated memory in real time, and protects the driver without its source code. AllMemPro works well on newest Windows 10 1709 x64. Keywords: hypervisor-based protection, Windows kernel, Intel, CNC security, rootkits, dynamic data protection. 1. INTRODUCTION The vulnerable VirtualBox driver (VBoxDrv.sys) Currently, protection of data in computer memory has been exploited by Turla rootkit and allows to is becoming essential. Growing integration of write arbitrary values to any kernel memory (Singh, ubiquitous Windows-based computers into 2015; Kirda, 2015). industrial automation makes this security issue critically important.
  • Kernel Integrity Analysis

    Kernel Integrity Analysis

    Project CS2 AAVR Kernel Integrity Analysis Major Qualifying Project Submitted to the Faculty of Worcester Polytechnic Institute in partial fulfillment of the requirements for the Degree in Bachelor of Science in Computer Science By Caleb Stepanian [email protected] Submitted On: October 27, 2015 Project Advisor: Professor Craig Shue [email protected] This report represents work of WPI undergraduate students submitted to the faculty as evidence of a degree requirement. WPI routinely publishes these reports on its web site without editorial or peer review. For more information about the projects program at WPI, see http: // www. wpi. edu/ Academics/ Projects . Abstract Rootkits are dangerous and hard to detect. A rootkit is malware specifically de- signed to be stealthy and maintain control of a computer without alerting users or administrators. Existing detection mechanisms are insufficient to reliably detect rootkits, due to fundamental problems with the way they do detection. To gain control of an operating system kernel, a rootkit edits certain parts of the kernel data structures to route execution to its code or to hide files that it has placed on the file system. Each of the existing detector tools only monitors a subset of those data structures. This MQP has two major contributions. The first contribution is a Red Team analysis of WinKIM, a rootkit detection tool. The analysis shows my attempts to find flaws in WinKIM's ability to detect rootkits. WinKIM monitors a particular set of Windows data structures; I attempt to show that this set is insufficient to detect all possible rootkits. The second is the enumeration of data structures in the Windows kernel which can possibly be targeted by a rootkit.
  • CGD Compute Infrastructure Upgrade Plan

    CGD Compute Infrastructure Upgrade Plan

    CGD Compute Infrastructure Upgrade Plan 1.0 Introduction The CGD Information Systems (IS) Group (ISG) is charged with providing a modern, progressive, and stable computing environment for the CGD user community. Scientists, engineers, and support staff should be able to concentrate on their individual duties without worrying about systems administration. The current infrastructure is being redesigned and upgraded to meet this goal. Achieving this on a restricted budget requires careful planning, time for implementation, and communication between the user community and the systems staff. Services provided by infrastructure systems will be distributed to provide ease of recovery, ease of upgrade, and flexibility to meet the growing needs of the Division. Hardware will be reused where possible, and eliminated if beyond reasonable use. Automation of services (software builds, user addition/deletion, etc) will be key to managing the growing demands. 2.0 Future CGD Computing Trends Written surveys from 2001 and meetings with each of the sections have revealed a wide variety of needs, desires, and deficiencies. Each section has a unique set of needs that often do not complement other sections. The one common factor among all sections is that more of everything will be needed to meet the common CGD goals: · More disk space for project data, home directories, and e-mail. · More Linux support to take advantage of the price/performance x86 hardware offers. · More computational processing power for modeling development. · More Microsoft products to support presentation/documentation efforts. · More laptops (MS and Linux) for travel and home use. 3.0 General Problems Computers have a useful life span that averages three years.
  • The Ultimate Guide to Software Updates on Embedded Linux Devices

    The Ultimate Guide to Software Updates on Embedded Linux Devices

    The ultimate guide to software updates on embedded Linux devices foss-north 2018 Mirza Krak Session Overview ● Intro ● Basics ● FOSS ecosystem ○ Strategy ○ Key Features ○ Community 2 Mirza Krak ● FOSS enthusiast ● Board Support Package development ● Linux kernel developer ● Yocto/OE-core ● Disclaimer: Mender community member 3 Embedded Linux Devices @internetofshit 4 Embedded Linux environment ● Remote in some cases ○ No physical access to devices ● Long life span ○ 5-10 years ● Unreliable power supply ○ Power loss at any given time ● Unreliable network ○ Mobile ○ Low bandwidth 5 Why do we need update software? ● Fixing issues (bugs) ● Feature growth ● Security updates 6 Software update on-site ● No connectivity ● Easy access to an device ● USB Flash drive ● Technician 7 Software updates (OTA) ● No easy access to device ● Deployment management server ○ status reports ○ current versions 8 What to we need to update? U-boot Linux + DTB Root file-system (distro) Root file-system (apps) MCU/FPGA 9 Requirements (basic) ● Able to update all components ○ Unsafe to update bootloader ● Never render the device unusable (brick) ○ Fail-safe ● Atomic updates ○ No partial install ● Roll-back ○ Not always possible ● Integrity check ● Signed images ○ Trusted images ● Compatibility check ● Persistent data storage 10 Requirements (basic OTA) ● Secure communication channel ○ Encrypted ● Device Authentication (trust) 11 Alternative approaches ● Image/block based updates ○ Easy to implement, test, verify and maintain ● Incremental atomic image upgrade mechanism
  • Consumer Response to Versioning: How Brands Production Methods Affect Perceptions of Unfairness

    Consumer Response to Versioning: How Brands Production Methods Affect Perceptions of Unfairness

    Consumer Response to Versioning: How Brands’ Production Methods Affect Perceptions of Unfairness ANDREW D. GERSHOFF RAN KIVETZ ANAT KEINAN Marketers often extend product lines by offering limited-capability models that are created by removing or degrading features in existing models. This production method, called versioning, has been lauded because of its ability to increase both consumer and firm welfare. According to rational utility models, consumers weigh benefits relative to their costs in evaluating a product. So the production method should not be relevant. Anecdotal evidence suggests otherwise. Six studies show how the production method of versioning may be perceived as unfair and unethical and lead to decreased purchase intentions for the brand. Building on prior work in fairness, the studies show that this effect is driven by violations of norms and the perceived similarity between the inferior, degraded version of a product and the full-featured model offered by the brand. The idea of Apple gratuitously removing fea- been recommended by economists as a production method tures that would have been actually easier to that benefits both firms and consumers (Deneckere and leave in is downright perplexing. McAfee 1996; Hahn 2006; Varian 2000). Firms benefit by reducing design and production costs and by increasing profits The intentional software crippling stance they have taken with the iPod Touch is disturbing through price discrimination when multiple configurations of at best. (Readers’ responses to iPod Touch re- a product are offered. Consumers benefit because versioning view on www.engadget.com) results in lower prices and makes it possible for many to gain access to products that they might otherwise not be able to afford (Shapiro and Varian 1998; Varian 2000).
  • Oracle Unbreakable Linux: an Overview

    Oracle Unbreakable Linux: an Overview

    Oracle Unbreakable Linux: An Overview An Oracle White Paper September 2010 Oracle Unbreakable Linux: An Overview INTRODUCTION Oracle Unbreakable Linux is a support program that provides enterprises with industry-leading global support for the Linux operating system at significantly lower costs. The support program, which is available for any customer whether or not they’re running Oracle Unbreakable Linux currently includes support for three architectures: x86; x86-64 (e.g. the latest Intel Xeon and AMD Opteron chips, as used by most Linux customers); and Linux Itanium (ia64). The program offers support for any existing Red Hat Enterprise Linux installations and for new installations of Oracle Linux, an open source Linux operating system that is fully compatible— both source and binary—with Red Hat Enterprise Linux. Complete Support for the Complete Software Stack Oracle’s industry-leading support organization offers expertise that looks at the entire application stack running on top of Linux; only Oracle delivers complete support for the complete software stack—database, middleware, applications, management tools, and the operating system itself. By delivering enterprise-class quality support for Linux, Oracle addresses a key enterprise requirement from customers. When problems occur in a large, complex enterprise environment, it’s often impossible to reproduce such occurrences with very simple test cases. Customers need a support vendor who understands their full environment, and has the expertise to diagnose and resolve the problem by drawing from their knowledge of and familiarity with their framework, as opposed to requesting a simple reproducible test case. Another customer demand is for bug fixes to happen in a timely manner, as customers cannot always afford to wait for months to get a fix delivered to them.
  • Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms

    Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms

    Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms Ralf Hund Thorsten Holz Felix C. Freiling Laboratory for Dependable Distributed Systems University of Mannheim, Germany [email protected], fholz,[email protected] Abstract In recent years, several mechanism to protect the in- tegrity of the kernel were introduced [6, 9, 15, 19, 22], Protecting the kernel of an operating system against at- as we now explain. The main idea behind all of these tacks, especially injection of malicious code, is an impor- approaches is that the memory of the kernel should be tant factor for implementing secure operating systems. protected against unauthorized injection of code, such as Several kernel integrity protection mechanism were pro- rootkits. Note that we focus in this work on kernel in- posed recently that all have a particular shortcoming: tegrity protection mechanisms and not on control-flow They cannot protect against attacks in which the attacker integrity [1, 7, 14, 18] or data-flow integrity [5] mech- re-uses existing code within the kernel to perform mali- anisms, which are orthogonal to the techniques we de- cious computations. In this paper, we present the design scribe in the following. and implementation of a system that fully automates the process of constructing instruction sequences that can be 1.1 Kernel Integrity Protection Mecha- used by an attacker for malicious computations. We eval- uate the system on different commodity operating sys- nisms tems and show the portability and universality of our Kernel Module Signing. Kernel module signing is a approach. Finally, we describe the implementation of a simple approach to achieve kernel code integrity.
  • Installing Windows 2016/2019 Drivers

    Installing Windows 2016/2019 Drivers

    Installing Windows 2016/2019 Drivers • Prerequisite for Installing Windows 2016/2019 Drivers, on page 1 • Installing Windows 2016/2019 Drivers During OS Install, on page 2 • Updating Windows 2016/2019 Drivers, on page 2 Prerequisite for Installing Windows 2016/2019 Drivers Ensure that you adhere to the following best practice for installing the Windows drivers. You must upgrade the infrastructure in the following order before upgrading the drivers. • Upgrade the infrastructure firmware which includes the UCS Manager, the fabric interconnects, and the chassis I/O modules. • Upgrade the server and adapter firmware. Caution Failure to adhere to the proper upgrade sequence can cause the server to crash. Caution The driver installation file modifies certain registry entries, such as the disk timeout value of the system disk driver. Removing the driver does not restore these values. Note Before installing the drivers, the interrupt count should be set to greater than or equal to (2*logical processors + 4) for VIC 14XX adapters. The interrupt value can be rounded up to the nearest second power. For more information on how to set the interrupt field for Ethernet adapter policies in the UCS Manager GUI, refer to the UCSM Network Management Guide. Installing Windows 2016/2019 Drivers 1 Installing Windows 2016/2019 Drivers Installing Windows 2016/2019 Drivers During OS Install Installing Windows 2016/2019 Drivers During OS Install If you are installing Windows on a FC or iSCSI LUN, you must install Cisco VIC drivers for Windows during the OS installation. If you do not provide the drivers during the OS installation, the system is not able to detect the LUN.
  • Integrity Checking of Function Pointers in Kernel Pools Via Virtual Machine Introspection

    Integrity Checking of Function Pointers in Kernel Pools Via Virtual Machine Introspection

    Integrity Checking of Function Pointers in Kernel Pools via Virtual Machine Introspection Irfan Ahmed, Golden G. Richard III, Aleksandar Zoranic, Vassil Roussev Department of Computer Science, University of New Orleans Lakefront Campus, New Orleans, LA 70148, United States [email protected], [email protected], [email protected], [email protected] Abstract. With the introduction of kernel integrity checking mecha- nisms in modern operating systems, such as PatchGuard on Windows OS, malware developers can no longer easily install stealthy hooks in kernel code and well-known data structures. Instead, they must target other areas of the kernel, such as the heap, which stores a large number of function pointers that are potentially prone to malicious exploits. These areas of kernel memory are currently not monitored by kernel integrity checkers. We present a novel approach to monitoring the integrity of Windows ker- nel pools, based entirely on virtual machine introspection, called Hook- Locator. Unlike prior efforts to maintain kernel integrity, our implemen- tation runs entirely outside the monitored system, which makes it inher- ently more difficult to detect and subvert. Our system also scales easily to protect multiple virtualized targets. Unlike other kernel integrity check- ing mechanisms, HookLocator does not require the source code of the operating system, complex reverse engineering efforts, or the debugging map files. Our empirical analysis of kernel heap behavior shows that in- tegrity monitoring needs to focus only on a small fraction of it to be effective; this allows our prototype to provide effective real-time moni- toring of the protected system. Keywords: virtual machine introspection; malware; operating systems.
  • Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report Volume 11 An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011 Microsoft Security Intelligence Report This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Copyright © 2011 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. ii Authors Joe Faulhaber John Lambert Dave Probert Hemanth Srinivasan Microsoft Malware Protection Microsoft Security Microsoft Security Microsoft Malware Protection Center Engineering Center Engineering Center Center David Felstead Marc Lauricella Tim Rains Holly Stewart Bing Microsoft Trustworthy Microsoft Trustworthy Microsoft Malware Protection Computing Computing Center Paul Henry Wadeware LLC Aaron Margosis Mark E. Russinovich Matt Thomlinson Microsoft Public Sector Microsoft Technical Fellow Microsoft Security Response Jeff Jones Services Center Microsoft Trustworthy Weijuan Shi Computing Michelle Meyer Windows Business Group Jeff Williams Microsoft Trustworthy Microsoft Malware Protection Ellen Cram Kowalczyk Computing Adam Shostack Center Microsoft Trustworthy Microsoft Trustworthy